LDAP accounts
The system assigns LDAP accounts to groups of users and controls access at the group level. You assign access levels to the groups on the LDAP server by using role mapping. When you choose to use LDAP for authentication and authorization, the following user roles apply by default:
- On the BMC Application Performance Management Console, all users are assigned the Observer role.
- On the , users have no access to the system.
The system can integrate with the following LDAP servers:
- Microsoft Windows Server 2003 Active Directory
- OpenLDAP (slapd)
- Oracle Application Server
When logged on as a user with the Security role, you can configure the system to automatically create Observer accounts for users that are registered on the LDAP server. Following this configuration, you do not need to add accounts administratively for remotely authenticated or authorized users.
The following approaches are possible:
- Hybrid — The system only authenticates LDAP users. These users acquire Observer accounts.
- Full — LDAP users are authenticated and authorized. These users acquire accounts that are associated with the roles mapped to their LDAP group. If no explicit role mapping exists, they acquire accounts that are associated with the "catch-all" role (configurable in the Role mapping view of the Accounts and LDAP management page).